• Embedded Cybersecurity Engineer

    Location US-TX-Fort Worth
    Posted Date 2 days ago(11/15/2018 9:58 AM)
    Job ID
    2018-5905
    # Positions
    1
    Business Unit
    Engineering
    SECURITY CLEARANCE
    Secret
  • Overview

    The Embedded Cybersecurity Engineer is responsible for the integration of cybersecurity requirements into the full system lifecycle of Elbit Systems of America’s products. The candidate shall be experienced in developing Risk Management Framework (RMF) artifacts and shall understand system categorization and deduce NIST, DoD, CNSSI and NSTSSM regulations into product cybersecurity requirements.

    The candidate shall provide guidance for NIST 800-53 and CNSSI 1253 security controls, security hardening of products, derive and manage security requirements, risk management, technical planning, threat and vulnerability assessments, systems level design, systems integration, verification and validation including security testing and evaluation, and supportability and effectiveness analyses for the total systems.

    Responsibilities

    Responsibility:

    • Leads program cybersecurity risk mitigation efforts using the Risk Management Framework (RMF)
    • Evaluates new and existing embedded systems and architects the software, firmware, and hardware requirements from a system engineering perspective
    • Directs development efforts to ensure cybersecurity controls are integrated to meet platform security posture and the Department of Defense (DoD) Authorizing Officials program requirements
    • Oversees the formal Security Test and Evaluation process required by each government acceptance and approval authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports
    • Leads product security reviews with the ability to communicate issues and risks in business terms and make recommendations that balance risk/reward tradeoffs
    • Recommends embedded cybersecurity defense and countermeasures for avionics product designs
    • Researches, evaluates, and assesses emerging embedded cyber security threats and technologies
    • Evaluates and tests new cybersecurity tools and capabilities
    • Analyzes static and dynamic source code scans to achieve Software Assurance (SwA) goals
    • Mentors other cybersecurity interns/employees as required
    • Suggests and implements new tools and efficiency improvements for development of secure software

     

    Experience / Skills needed:

    • Experience with the Risk Management Framework (RMF)
    • Strong knowledge of embedded system security architectures and engineering approaches to building system security solutions
    • Full system engineering lifecycle experience, requirements analysis and mapping, testing, implementation, and validation.
    • Experience with Department of Defense, Government Certification and Authorizing Officials and federal customer base
    • Strong technical background in guiding policy makers and interpreting existing policy in accordance with Department of Defense (DoD) objectives
    • Deep understanding of NIST SP 800-53 security controls and Application of National Institute of Standards and Technology (NIST) SP-800 series controls and policies and their applicability to embedded systems
    • Understanding of the artifacts required for assessment of NIST controls
    • Understanding of system security vulnerabilities and attacks vectors
    • Experience with achieving Authority To Operate (ATO), or Interim Authority To Test (IATT) on a systems delivery or deployment effort
    • Software development experience in one of the following core languages: C, C++ or C# is highly desirable
    • Strong verbal and written communication with the ability to distill complex problems
    • Experience briefing technical and non-technical management on cyber issues, threats, vulnerabilities and risk reduction strategies
    • Understanding of security vulnerabilities found via security tools (i.e., HP Fortify, Klocwork, Nessus/Tenable, Retina and others)

    Bonus desired specialization areas:

    • Embedded systems experience
    • Anti-tamper experience
    • TEMPEST experience
    • Penetration testing experience
    • Secure software development experience
    • IoT experience
    • Software test experience
    • Static/dynamic source code analysis experience

    Qualifications

    Education:

    • Bachelor's Degree Required; Master's Preferred

    Specific Degree Field:

    • Bachelor’s Degree (BS) in Cybersecurity, Computer Science, or an Engineering field required.

    Certifications Preferred:

    • Certified Information Systems Security Professional (CISSP, CISSP-ISSAP, CISSP-ISSEP)
    • Certified Secure Software Lifecycle Professional (CSSLP)
    • Systems Security Certified Professional (SSCP)
    • Certified Ethical Hacker (CEH)

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed